From 9bae4c305a20eb0ca659ffaf9ff50bcdb5fbda3c Mon Sep 17 00:00:00 2001
From: Knut Ahlers
Date: Sat, 29 Oct 2022 23:15:08 +0200
Subject: [PATCH] Add osslvault filter
Signed-off-by: Knut Ahlers
---
 .gitconfig | 5 +++++
 bin/git-filter-osslvault | 39 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+)
 create mode 100755 bin/git-filter-osslvault
diff --git a/.gitconfig b/.gitconfig
index 7f0b64d..9f9427a 100644
--- a/.gitconfig
+++ b/.gitconfig
@@ -36,6 +36,11 @@
 required = true
 clean = git-lfs clean -- %f
 smudge = git-lfs smudge -- %f
+[filter "osslvault"]
+clean = git-filter-osslvault -f %f clean
+smudge = git-filter-osslvault smudge
+required = true
+
 [gpg]
 program = gpg2
diff --git a/bin/git-filter-osslvault b/bin/git-filter-osslvault
new file mode 100755
index 0000000..e5b045a
--- /dev/null
+++ b/bin/git-filter-osslvault
@@ -0,0 +1,39 @@
+#!/bin/bash
+set -euo pipefail
+
+source ~/bin/script_framework.sh
+
+function usage() { fatal "Usage: $0 -f "; }
+
+check_utils \
+ openssl \
+ sha256sum \
+ vault
+
+passkey="secret/osslvault/$(basename $(pwd))"
+salt=""
+
+while getopts ":f:k:" o; do
+ case "${o}" in
+ f) salt="$(sha256sum ${OPTARG} | cut -d ' ' -f 1)" ;;
+ k) passkey="${OPTARG}" ;;
+ *) usage ;;
+ esac
+done
+shift $((OPTIND - 1))
+
+pass="$(vault read -field=pass "${passkey}")"
+[[ -n $pass ]] || fatal "Password not found."
+
+case ${1:-_invalid} in
+clean)
+ [[ -n $salt ]] || fatal "Missing paramter -f"
+ openssl enc -k ${pass} -S ${salt} -pbkdf2 -e -a
+ ;;
+smudge)
+ openssl enc -k ${pass} -pbkdf2 -d -a
+ ;;
+*)
+ usage
+ ;;
+esac
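Review bot: The `clean` line of the new `[filter "osslvault"]` section passes `%f` so the script can hash the working-tree file for its salt, but gitattributes(5) warns that the file named by `%f` may not exist on disk or may hold different content from what arrives on stdin, and that filters should act only on their standard input. When the path is missing, `sha256sum` fails under `set -euo pipefail`, and because `required = true` is set the git operation fails with it; when the content differs, the salt is no longer a function of the data being encrypted. Consider `clean = git-filter-osslvault clean` and deriving the salt inside the script from the stdin content, buffered to a `mktemp` file. A comment above the section such as `# required = true: abort instead of committing plaintext when the filter fails` would record why the flag is set.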
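Review bot: Both `openssl enc` calls in the final `case` of bin/git-filter-osslvault name no cipher, and as far as I know `openssl enc` without a cipher option performs only the `-a` base64 step, so the clean filter would commit base64-encoded plaintext; this is worth confirming by base64-decoding a cleaned blob. The same calls pass the Vault secret as `-k ${pass}`, which puts it in the process argument list where other local users can read it, and word-splits it because it is unquoted. I would write the clean arm as `OSSLVAULT_PASS="${pass}" openssl enc -aes-256-cbc -pass env:OSSLVAULT_PASS -S "${salt}" -pbkdf2 -e -a` and the smudge arm the same way with `-d` and without `-S`. `sha256sum ${OPTARG}` and `basename $(pwd)` should be quoted too, as `sha256sum -- "${OPTARG}"` and `"$(basename "$(pwd)")"`, since a path with spaces or a leading dash otherwise breaks the filter.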